langchain-talor-serp

v0.1.0 suspicious
5.0
Medium Risk

LangChain integration for Talor SERP API — 33 search engines in one tool

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential risk due to its metadata, which indicates a recent upload and lack of maintainer history. However, the package does not exhibit typical indicators of malicious activity such as network, shell, obfuscation, or credential risks.

  • High metadata risk score
  • No clear history of maintenance
Per-check LLM notes
  • Network: Network calls are expected for packages that interact with external services, but the endpoint and payload should be reviewed to ensure legitimacy.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The package is highly suspicious due to its recent upload and lack of maintainer history.

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • **kwargs) response = httpx.post( self.endpoint, data=payload,
  • **kwargs) async with httpx.AsyncClient(timeout=self.timeout) as client: response = awai
  • timezone response = httpx.get( self._history_endpoint, params=para
  • timezone async with httpx.AsyncClient(timeout=self.timeout) as client: response = awai
  • timezone response = httpx.get( self._statistics_endpoint, params=p
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 10.0

5 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T02:39:37.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)